Aeglis API Reference

Welcome to the Aeglis API documentation. The Aeglis API allows you to embed enterprise-grade malware, phishing, and zero-day threat detection directly into your applications.

Our hybrid engine uses a waterfall architecture: it cross-references distributed threat caches instantly, and if the payload is unknown, it triggers a deep autopsy powered by the Aeglis dedicated AI intelligence core.

Base URL: https://api.aeglis.com/v3

Authentication

Authenticate your API requests by including your secret API key in the Authorization header of every request. You can generate and manage your API keys from the Developer Dashboard.

Authorization: Bearer sk_live_YOUR_SECRET_KEY

⚠️ Warning: Your API keys carry many privileges. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, or frontend JavaScript.

Rate Limits

Rate limits are applied based on your current subscription plan. If you exceed your monthly quota, the API will respond with a 429 Too Many Requests error.

PlanRequests / MonthConcurrency Limit
Free API1001 req/sec
Startup API10,0005 req/sec
Enterprise API50,00025 req/sec

Scan Text & URLs

This is a synchronous, high-speed endpoint. Use this to instantly sanitize user messages, chat logs, or individual URLs. It checks caches, global databases, and AI models in real-time (<100ms latency on cache hits).

POST /api/scan

Example Request

curl -X POST https://api.aeglis.com/v3/api/scan \
  -H "Authorization: Bearer sk_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "input_text": "Claim your free airdrop here: http://crypto-scam.xyz",
    "user_id": "usr_8923"
  }'
import requests

url = "https://api.aeglis.com/v3/api/scan"
payload = {
    "input_text": "Claim your free airdrop here: http://crypto-scam.xyz",
    "user_id": "usr_8923"
}
headers = {
    "Authorization": "Bearer sk_live_your_key",
    "Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.json())
const fetch = require('node-fetch');

const url = 'https://api.aeglis.com/v3/api/scan';
const options = {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk_live_your_key',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    input_text: 'Claim your free airdrop here: http://crypto-scam.xyz',
    user_id: 'usr_8923'
  })
};
fetch(url, options)
  .then(res => res.json())
  .then(json => console.log(json))
  .catch(err => console.error('error:', err));
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.aeglis.com/v3/api/scan");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$headers = [
    "Authorization: Bearer sk_live_your_key",
    "Content-Type: application/json"
];
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$data = [
    "input_text" => "Claim your free airdrop here: http://crypto-scam.xyz",
    "user_id" => "usr_8923"
];
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>

Example Response

{
  "status": "success",
  "data": {
    "risk_level": "DANGER",
    "reason": "Context AI match: Known phishing domain and social engineering attempt detected."
  }
}

Deep File Autopsy

This endpoint handles complex files (PDFs, APKs, Images). Because decompiling an APK or extracting JS from a PDF can take a few seconds, this is an asynchronous endpoint. It immediately returns a 202 Accepted status, and dispatches the final result to your configured Webhook.

POST /api/deep-scan

Example Request

curl -X POST https://api.aeglis.com/v3/api/deep-scan \
  -H "Authorization: Bearer sk_live_your_key" \
  -F "file=@/path/to/kyc_document.pdf" \
  -F "input_text=User uploaded KYC doc."
import requests

url = "https://api.aeglis.com/v3/api/deep-scan"
headers = {"Authorization": "Bearer sk_live_your_key"}
with open("kyc_document.pdf", "rb") as f:
    files = {"file": f}
    data = {"input_text": "User uploaded KYC doc."}
    response = requests.post(url, headers=headers, files=files, data=data)
    print(response.json())
const fetch = require('node-fetch');
const fs = require('fs');
const FormData = require('form-data');

const form = new FormData();
form.append('file', fs.createReadStream('kyc_document.pdf'));
form.append('input_text', 'User uploaded KYC doc.');

fetch('https://api.aeglis.com/v3/api/deep-scan', {
  method: 'POST',
  headers: { 'Authorization': 'Bearer sk_live_your_key', ...form.getHeaders() },
  body: form
}).then(res => res.json()).then(json => console.log(json));
<?php
$ch = curl_init();
$cfile = new CURLFile('kyc_document.pdf', 'application/pdf', 'kyc_document.pdf');
$data = ['file' => $cfile, 'input_text' => 'User uploaded KYC doc.'];
curl_setopt($ch, CURLOPT_URL, "https://api.aeglis.com/v3/api/deep-scan");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer sk_live_your_key"]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
?>

Initial Response (Immediate)

{
  "status": "processing",
  "message": "File accepted. Result will be dispatched to your Webhook."
}

Webhooks Setup

When a background Deep Scan finishes, Aeglis sends an HTTP POST request to your configured Webhook URL. You can set this URL and obtain your Webhook Secret in the Developer Dashboard.

Webhook Payload Example

{
  "event": "scan.completed",
  "timestamp": 1712419200,
  "data": {
    "risk_level": "DANGER",
    "reason": "Hidden Javascript Execution Block found inside PDF.",
    "file": "kyc_document.pdf"
  }
}

Verify Signatures (HMAC)

To ensure the webhook was actually sent by Aeglis and not a malicious actor, every webhook includes a Aeglis-Signature header. The signature is generated using HMAC-SHA256 with your Webhook Secret.

Compute the HMAC of the raw request body using your secret, and compare it to the header.

const crypto = require('crypto');
const express = require('express');
const app = express();

// Important: We need the raw body to verify the signature exactly
app.post('/webhook', express.raw({type: 'application/json'}), (req, res) => {
    const signature = req.headers['aeglis-signature'];
    const secret = process.env.AEGLIS_WEBHOOK_SECRET;
    const expectedSignature = 'v1=' + crypto
        .createHmac('sha256', secret)
        .update(req.body)
        .digest('hex');
    if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) {
        const payload = JSON.parse(req.body);
        console.log("Valid Webhook received:", payload.data.risk_level);
        res.status(200).send("OK");
    } else {
        res.status(401).send("Invalid signature");
    }
});
import hmac
import hashlib
import json
from fastapi import FastAPI, Request, Header, HTTPException

app = FastAPI()

@app.post("/webhook")
async def aeglis_webhook(request: Request, aeglis_signature: str = Header(None)):
    secret = b"whsec_your_secret"
    body = await request.body()
    expected_sig = "v1=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, aeglis_signature):
        raise HTTPException(status_code=401, detail="Invalid signature")
    payload = json.loads(body)
    print("Webhook Valid:", payload['data']['risk_level'])
    return {"status": "OK"}
<?php
$secret = 'whsec_your_secret';
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_AEGLIS_SIGNATURE'] ?? '';
$expected = 'v1=' . hash_hmac('sha256', $payload, $secret);
if (hash_equals($expected, $signature)) {
    $data = json_decode($payload, true);
    echo "Webhook Valid: " . $data['data']['risk_level'];
} else {
    http_response_code(401);
    echo "Invalid signature";
}
?>

Error Codes

Aeglis uses standard HTTP response codes to indicate the success or failure of an API request.

CodeMeaningDescription
200OKThe request was successful and the threat analysis is complete.
202AcceptedThe file is accepted and processing in the background (Deep Scan).
400Bad RequestThe request was unacceptable, often due to missing required parameters.
401UnauthorizedNo valid API key provided, or key is inactive.
413Payload Too LargeThe uploaded file exceeds the 50MB strict limit.
429Too Many RequestsYou have exceeded your concurrency limit.
402Monthly Quota ExceededYou have exceeded your monthly API quota limit.
500Server ErrorSomething went wrong on Aeglis's end. (Rare)
SDK Reference

Node.js SDK

npm install aeglis-sdk

The Aeglis Node.js SDK provides a secure, lightweight wrapper around the Aeglis v3 Threat Intelligence API. It simplifies payload delivery, streaming file uploads, and handles enterprise-grade cryptographic webhook validation out of the box.

Installation

Install the package from the NPM registry. Requires Node.js 14 or higher.

npm install aeglis-sdk
yarn add aeglis-sdk

Initialization

Initialize the client using your secret API key generated from the Developer Dashboard. Store this key in environment variables and never expose it on the client-side.

const Aeglis = require('aeglis-sdk');

// Initialize the secure singleton instance
// Always use environment variables — never hardcode your key
const aeglis = new Aeglis(process.env.AEGLIS_API_KEY);

Quick Scan

Used for synchronous analysis of short text, URLs, and incoming messages. Ideal for real-time chat moderation or preprocessing input links before they are rendered to users.

Syntax

aeglis.scan(inputText, endUserId);

Parameters

ParameterTypeRequiredDescription
inputTextStringYesThe raw text string or target URL to evaluate.
endUserIdStringNoInternal reference ID of your end-user for behavioral telemetry tracking. Defaults to "anonymous".

Example Request

async function handleIncomingMessage() {
    try {
        const response = await aeglis.scan(
            "Update your bank KYC immediately at http://secure-alert-update.in",
            "user_id_9982"
        );
        console.log(response);
    } catch (error) {
        console.error(error.message);
    }
}
{
  "status": "success",
  "data": {
    "risk_level": "DANGER",
    "reason": "High-confidence bank phishing attempt targeting absolute credential extraction.",
    "type": "TEXT_PHISHING"
  }
}

Deep File Scan

Triggers an asynchronous, memory-safe file decompression and autopsy inside a sandbox environment. This method operates on a fire-and-forget architecture — it returns an immediate acknowledgment and dispatches the final scanning report directly to your configured Webhook endpoint.

Syntax

aeglis.deepScan(filePath, options);

Parameters

ParameterTypeRequiredDescription
filePathStringYesAbsolute or relative system path to the target document — PDF, DOCX, or APK. Maximum allowed size: 50 MB.
options.inputTextStringNoAccompanying contextual text or message associated with the file.
options.endUserIdStringNoYour platform's unique identifier for this event. Returned inside the final webhook payload for stateless database mapping.

Example Request

async function handleDocumentUpload() {
    try {
        const response = await aeglis.deepScan(
            './uploads/user_identity_proof.pdf',
            {
                inputText: "User profile onboarding document submission",
                endUserId: "document_reference_ref_5548"
            }
        );
        console.log(response);
    } catch (error) {
        console.error(error.message);
    }
}
{
  "status": "processing",
  "message": "File accepted. Result will be dispatched to your webhook."
}

Webhook Verification

When the deep processing engine finishes parsing your file, Aeglis triggers an outbound HTTP POST to your configured endpoint. The SDK validates the signature using HMAC SHA-256 with the v1= prefix scheme.

⚠️ Critical: Pass express.raw({ type: 'application/json' }) as middleware before your route handler. Using express.json() will automatically parse the body, mutating whitespace and causing signature verification to always fail. Always capture the raw payload buffer.

Webhook Payload Format

{
  "risk_level": "DANGER",
  "reason": "Dormant executable sequence embedded within structural PDF tags discovered during disassembly.",
  "file": "user_identity_proof.pdf",
  "user_id": "document_reference_ref_5548"
}

Express Production Implementation

const express = require('express');
const Aeglis = require('aeglis-sdk');

const app = express();
const aeglis = new Aeglis(process.env.AEGLIS_API_KEY);
const WEBHOOK_SECRET = process.env.AEGLIS_WEBHOOK_SECRET;

app.post(
    '/v1/security-callback',
    express.raw({ type: 'application/json' }), // Raw body — required
    (req, res) => {
        const signatureHeader = req.headers['aeglis-signature'];
        try {
            const event = aeglis.verifyWebhook(req.body, signatureHeader, WEBHOOK_SECRET);
            const entityReferenceId = event.data.user_id;
            if (event.data.risk_level === 'DANGER') {
                console.log(`Threat in ${event.data.file}. Quarantining ref: ${entityReferenceId}`);
            } else if (event.data.risk_level === 'SAFE') {
                console.log(`Ref ${entityReferenceId} verified clean. Committing to storage.`);
            }
            res.status(200).send('OK');
        } catch (error) {
            console.error(`Signature verification failed: ${error.message}`);
            res.status(401).send('Unauthorized');
        }
    }
);

Error Handling

The SDK wraps lower-level Axios runtime anomalies into high-level, human-readable semantic error boundaries. Implement explicit defensive logic inside standard asynchronous catch blocks.

try {
    // Attempting execution with empty target parameters
    await aeglis.scan("");
} catch (error) {
    console.error(error.message);
    // Output: "Aeglis API Error: inputText is required for Quick Scan."
}
SDK Reference

Python SDK

pip install aeglis

The Aeglis Python SDK provides a secure, frictionless way to integrate the Aeglis v3 Threat Intelligence API into Django, FastAPI, Flask, or any Python-based infrastructure. The SDK natively handles multi-threaded streaming, asynchronous file processing, and cryptographic webhook verification out of the box.

Installation

Install the package from the Python Package Index. Requires Python 3.8 or higher.

pip install aeglis

Initialization

Initialize the client using your secret API key generated from the Developer Dashboard. Always store this key in environment variables and never commit it to version control.

from aeglis import Aeglis
import os

# Initialize the secure singleton instance
# Always use environment variables — never hardcode your key
client = Aeglis(api_key=os.environ["AEGLIS_API_KEY"])

Quick Scan

Used for synchronous analysis of short text, URLs, social media links, and incoming chat messages. Ideal for real-time moderation pipelines in Django, FastAPI, or Flask.

Syntax

client.scan(input_text, end_user_id)

Parameters

ParameterTypeRequiredDescription
input_textstrYesThe raw text string or target URL to evaluate.
end_user_idstrNoYour internal reference ID for the end-user, used for telemetry and tracking abuse. Defaults to "anonymous".

Example Request

try:
    response = client.scan(
        input_text="Verify your account immediately: http://secure-verification-login.in",
        end_user_id="user_db_id_8874"
    )
    print(response)
except Exception as e:
    print(f"Scanning error occurred: {e}")
{
  "status": "success",
  "data": {
    "risk_level": "DANGER",
    "reason": "High-confidence credential harvesting attempt impersonating a financial entity.",
    "type": "URL_PHISHING"
  }
}

Deep File Scan

Triggers an asynchronous, memory-safe decompression and analysis of large files inside an isolated sandbox. This method uses a fire-and-forget architecture — it returns an immediate acknowledgment and dispatches the final forensic report to your configured Webhook URL once the scan concludes.

Syntax

client.deep_scan(file_path, input_text, end_user_id)

Parameters

ParameterTypeRequiredDescription
file_pathstrYesThe absolute or relative system path to the target document — PDF, DOCX, or APK. Maximum size: 50 MB.
input_textstrNoAccompanying contextual text or message associated with the file. Improves analysis accuracy.
end_user_idstrNoYour platform's unique identifier for this document or event. This exact ID is returned inside the final webhook payload, enabling stateless database mapping.

Example Request

try:
    response = client.deep_scan(
        file_path="./downloads/user_invoice.pdf",
        input_text="User submitted billing proof during KYC verification",
        end_user_id="invoice_ref_doc_9912"  # Returned via webhook
    )
    print(response)
except Exception as e:
    print(f"Deep scan error: {e}")
{
  "status": "processing",
  "message": "File accepted. Result will be dispatched to your webhook."
}

Webhook Verification

When the deep processing engine finishes parsing the file, Aeglis dispatches an outbound HTTP POST request to your configured endpoint. The SDK seamlessly validates the cryptographic signature using HMAC SHA-256 to prevent spoofing.

from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt
from aeglis import Aeglis, AeglisError
import os

client = Aeglis(api_key=os.environ.get("AEGLIS_API_KEY"))
WEBHOOK_SECRET = os.environ.get("AEGLIS_WEBHOOK_SECRET")

@csrf_exempt
def aeglis_webhook(request):
    raw_payload = request.body  # Capture raw bytes strictly
    signature = request.META.get("HTTP_X_AEGLIS_SIGNATURE") or request.META.get("HTTP_AEGLIS_SIGNATURE")
    
    try:
        event = client.verify_webhook(
            raw_payload=raw_payload,
            signature_header=signature,
            webhook_secret=WEBHOOK_SECRET
        )
        
        # Extract parameters from the nested data wrapper
        event_data = event.get("data", {})
        risk_level = event_data.get("risk_level")
        entity_ref = event_data.get("user_id")
        
        if risk_level == "DANGER":
            print(f"Threat detected. Quarantining ref: {entity_ref}")
        elif risk_level == "SAFE":
            print(f"Ref {entity_ref} verified clean.")
            
        return JsonResponse({"status": "processed"})
        
    except AeglisError as e:
        print(f"Verification failed: {e}")
        return JsonResponse({"error": "Invalid signature"}, status=400)
from fastapi import FastAPI, Request, HTTPException
from aeglis import Aeglis, AeglisError
import os

app = FastAPI()
client = Aeglis(api_key=os.environ.get("AEGLIS_API_KEY"))
WEBHOOK_SECRET = os.environ.get("AEGLIS_WEBHOOK_SECRET")

@app.post("/webhook")
async def aeglis_webhook(request: Request):
    raw_payload = await request.body()
    signature = request.headers.get("x-aeglis-signature") or request.headers.get("aeglis-signature")
    
    try:
        event = client.verify_webhook(
            raw_payload=raw_payload,
            signature_header=signature,
            webhook_secret=WEBHOOK_SECRET
        )
        
        event_data = event.get("data", {})
        risk_level = event_data.get("risk_level")
        entity_ref = event_data.get("user_id")
        
        if risk_level == "DANGER":
            print(f"Threat detected. Quarantining ref: {entity_ref}")
        elif risk_level == "SAFE":
            print(f"Ref {entity_ref} verified clean.")
            
        return {"status": "processed"}
        
    except AeglisError as e:
        print(f"Verification failed: {e}")
        raise HTTPException(status_code=400, detail="Invalid signature")

Error Handling

The SDK wraps lower-level API anomalies into granular, human-readable exceptions. Implement defensive logic using standard try-except blocks. Two exception types are raised: ValueError for client-side validation errors and AeglisError for server-side failures.

from aeglis import Aeglis, AeglisError
import os

client = Aeglis(api_key=os.environ["AEGLIS_API_KEY"])

try:
    client.scan(input_text="")  # Empty string validation check
except ValueError as e:
    print(f"Validation error: {e}")
    # Output: input_text is required.
except AeglisError as e:
    print(f"Aeglis server error: {e}")